Memory integrity verification is a useful primitive when implementing
secure processors that are resistant to attacks on hardware components.
This paper proposes new hardware schemes to verify the integrity of
untrusted external memory using a very small amount of trusted on-chip
storage. Our schemes maintain incremental multiset hashes of all memory
reads and writes at run-time, and can verify a {\em sequence} of memory
operations at a later time. We study the advantages and disadvantages of
the two new schemes and two existing integrity checking schemes, MACs
and hash trees, when implemented in hardware in a microprocessor.
Simulations show that the new schemes outperform existing schemes of
equivalent functionality when integrity verification is infrequent.